Diffstat (limited to 'openbsd-compat/openssl-compat.c')
-rw-r--r-- | openbsd-compat/openssl-compat.c | 166 |
1 files changed, 32 insertions, 134 deletions
diff --git a/openbsd-compat/openssl-compat.c b/openbsd-compat/openssl-compat.c index 885c121f2..defd5fb61 100644 --- a/openbsd-compat/openssl-compat.c +++ b/openbsd-compat/openssl-compat.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $Id: openssl-compat.c,v 1.17 2014/02/13 05:38:33 dtucker Exp $ */ | 1 | /* $Id: openssl-compat.c,v 1.19 2014/07/02 05:28:07 djm Exp $ */ |
2 | 2 | ||
3 | /* | 3 | /* |
4 | * Copyright (c) 2005 Darren Tucker <dtucker@zip.com.au> | 4 | * Copyright (c) 2005 Darren Tucker <dtucker@zip.com.au> |
@@ -16,6 +16,7 @@ | |||
16 | * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. | 16 | * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. |
17 | */ | 17 | */ |
18 | 18 | ||
19 | #define SSH_DONT_OVERLOAD_OPENSSL_FUNCS | ||
19 | #include "includes.h" | 20 | #include "includes.h" |
20 | 21 | ||
21 | #include <stdarg.h> | 22 | #include <stdarg.h> |
@@ -26,147 +27,44 @@ | |||
26 | # include <openssl/conf.h> | 27 | # include <openssl/conf.h> |
27 | #endif | 28 | #endif |
28 | 29 | ||
29 | #ifndef HAVE_RSA_GET_DEFAULT_METHOD | ||
30 | # include <openssl/rsa.h> | ||
31 | #endif | ||
32 | |||
33 | #include "log.h" | 30 | #include "log.h" |
34 | 31 | ||
35 | #define SSH_DONT_OVERLOAD_OPENSSL_FUNCS | ||
36 | #include "openssl-compat.h" | 32 | #include "openssl-compat.h" |
37 | 33 | ||
38 | #ifdef SSH_OLD_EVP | 34 | /* |
39 | int | 35 | * OpenSSL version numbers: MNNFFPPS: major minor fix patch status |
40 | ssh_EVP_CipherInit(EVP_CIPHER_CTX *evp, const EVP_CIPHER *type, | 36 | * We match major, minor, fix and status (not patch) for <1.0.0. |
41 | unsigned char *key, unsigned char *iv, int enc) | 37 | * After that, we accept compatible fix and status versions (so we |
42 | { | 38 | * allow 1.0.1 to work with 1.0.0). Going backwards is only allowed |
43 | EVP_CipherInit(evp, type, key, iv, enc); | 39 | * within a patch series. |
44 | return 1; | 40 | */ |
45 | } | ||
46 | |||
47 | int | ||
48 | ssh_EVP_Cipher(EVP_CIPHER_CTX *evp, char *dst, char *src, int len) | ||
49 | { | ||
50 | EVP_Cipher(evp, dst, src, len); | ||
51 | return 1; | ||
52 | } | ||
53 | |||
54 | int | ||
55 | ssh_EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *evp) | ||
56 | { | ||
57 | EVP_CIPHER_CTX_cleanup(evp); | ||
58 | return 1; | ||
59 | } | ||
60 | #endif | ||
61 | |||
62 | #ifndef HAVE_EVP_DIGESTINIT_EX | ||
63 | int | ||
64 | EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *md, void *engine) | ||
65 | { | ||
66 | if (engine != NULL) | ||
67 | fatal("%s: ENGINE is not supported", __func__); | ||
68 | # ifdef OPENSSL_EVP_DIGESTUPDATE_VOID | ||
69 | EVP_DigestInit(ctx, md); | ||
70 | return 1; | ||
71 | # else | ||
72 | return EVP_DigestInit(ctx, md); | ||
73 | # endif | ||
74 | } | ||
75 | #endif | ||
76 | |||
77 | #ifndef HAVE_EVP_DIGESTFINAL_EX | ||
78 | int | ||
79 | EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *s) | ||
80 | { | ||
81 | # ifdef OPENSSL_EVP_DIGESTUPDATE_VOID | ||
82 | EVP_DigestFinal(ctx, md, s); | ||
83 | return 1; | ||
84 | # else | ||
85 | return EVP_DigestFinal(ctx, md, s); | ||
86 | # endif | ||
87 | } | ||
88 | #endif | ||
89 | |||
90 | #ifdef OPENSSL_EVP_DIGESTUPDATE_VOID | ||
91 | int | ||
92 | ssh_EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *d, unsigned int cnt) | ||
93 | { | ||
94 | EVP_DigestUpdate(ctx, d, cnt); | ||
95 | return 1; | ||
96 | } | ||
97 | #endif | ||
98 | |||
99 | #ifndef HAVE_EVP_MD_CTX_COPY_EX | ||
100 | int | ||
101 | EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in) | ||
102 | { | ||
103 | return EVP_MD_CTX_copy(out, in); | ||
104 | } | ||
105 | #endif | ||
106 | |||
107 | #ifndef HAVE_BN_IS_PRIME_EX | ||
108 | int | ||
109 | BN_is_prime_ex(const BIGNUM *p, int nchecks, BN_CTX *ctx, void *cb) | ||
110 | { | ||
111 | if (cb != NULL) | ||
112 | fatal("%s: callback args not supported", __func__); | ||
113 | return BN_is_prime(p, nchecks, NULL, ctx, NULL); | ||
114 | } | ||
115 | #endif | ||
116 | |||
117 | #ifndef HAVE_RSA_GENERATE_KEY_EX | ||
118 | int | ||
119 | RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *bn_e, void *cb) | ||
120 | { | ||
121 | RSA *new_rsa, tmp_rsa; | ||
122 | unsigned long e; | ||
123 | |||
124 | if (cb != NULL) | ||
125 | fatal("%s: callback args not supported", __func__); | ||
126 | e = BN_get_word(bn_e); | ||
127 | if (e == 0xffffffffL) | ||
128 | fatal("%s: value of e too large", __func__); | ||
129 | new_rsa = RSA_generate_key(bits, e, NULL, NULL); | ||
130 | if (new_rsa == NULL) | ||
131 | return 0; | ||
132 | /* swap rsa/new_rsa then free new_rsa */ | ||
133 | tmp_rsa = *rsa; | ||
134 | *rsa = *new_rsa; | ||
135 | *new_rsa = tmp_rsa; | ||
136 | RSA_free(new_rsa); | ||
137 | return 1; | ||
138 | } | ||
139 | #endif | ||
140 | 41 | ||
141 | #ifndef HAVE_DSA_GENERATE_PARAMETERS_EX | ||
142 | int | 42 | int |
143 | DSA_generate_parameters_ex(DSA *dsa, int bits, const unsigned char *seed, | 43 | ssh_compatible_openssl(long headerver, long libver) |
144 | int seed_len, int *counter_ret, unsigned long *h_ret, void *cb) | ||
145 | { | 44 | { |
146 | DSA *new_dsa, tmp_dsa; | 45 | long mask, hfix, lfix; |
147 | 46 | ||
148 | if (cb != NULL) | 47 | /* exact match is always OK */ |
149 | fatal("%s: callback args not supported", __func__); | 48 | if (headerver == libver) |
150 | new_dsa = DSA_generate_parameters(bits, (unsigned char *)seed, seed_len, | 49 | return 1; |
151 | counter_ret, h_ret, NULL, NULL); | 50 | |
152 | if (new_dsa == NULL) | 51 | /* for versions < 1.0.0, major,minor,fix,status must match */ |
153 | return 0; | 52 | if (headerver < 0x1000000f) { |
154 | /* swap dsa/new_dsa then free new_dsa */ | 53 | mask = 0xfffff00fL; /* major,minor,fix,status */ |
155 | tmp_dsa = *dsa; | 54 | return (headerver & mask) == (libver & mask); |
156 | *dsa = *new_dsa; | 55 | } |
157 | *new_dsa = tmp_dsa; | 56 | |
158 | DSA_free(new_dsa); | 57 | /* |
159 | return 1; | 58 | * For versions >= 1.0.0, major,minor must match and library |
160 | } | 59 | * fix version must be equal to or newer than the header. |
161 | #endif | 60 | */ |
162 | 61 | mask = 0xfff00000L; /* major,minor */ | |
163 | #ifndef HAVE_RSA_GET_DEFAULT_METHOD | 62 | hfix = (headerver & 0x000ff000) >> 12; |
164 | RSA_METHOD * | 63 | lfix = (libver & 0x000ff000) >> 12; |
165 | RSA_get_default_method(void) | 64 | if ( (headerver & mask) == (libver & mask) && lfix >= hfix) |
166 | { | 65 | return 1; |
167 | return RSA_PKCS1_SSLeay(); | 66 | return 0; |
168 | } | 67 | } |
169 | #endif | ||
170 | 68 | ||
171 | #ifdef USE_OPENSSL_ENGINE | 69 | #ifdef USE_OPENSSL_ENGINE |
172 | void | 70 | void |
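Review bot: In the >= 1.0.0 branch of ssh_compatible_openssl (new lines 61-64) the mask `0xfff00000L` keeps only major/minor and the fix field is compared separately, so the status nibble is never examined and a header built against a release (status 0xf) will accept a beta or dev library at the same fix level; the comment above the function says "compatible fix and status versions", so if this is intended the comment should say so plainly, e.g. `* The status nibble (dev/beta/release) is not compared for >= 1.0.0.`, and if it is not, the condition could require `(lfix > hfix || (headerver & 0xf) <= (libver & 0xf))` so that going backwards is only allowed across fix levels. The function itself carries no comment on its two arguments; I would add a one-line header such as `/* Return 1 if a binary compiled against OPENSSL_VERSION_NUMBER headerver may run against a library reporting libver, else 0. */` (presumably libver comes from the runtime library query in the caller, which is not in this hunk). A minor portability note: on ILP32 targets `0xfffff00fL` has type unsigned long, so storing it into the signed `mask` is implementation-defined; declaring `mask` as `unsigned long` sidesteps that. Style nit: `if ( (headerver & mask)` has a stray space after the opening parenthesis.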